Skip to content

chore(agent): migrate to skills-based instruction system and extend roadmap#11

Merged
thlaure merged 9 commits intomasterfrom
chore/agent-skills-migration
Apr 19, 2026
Merged

chore(agent): migrate to skills-based instruction system and extend roadmap#11
thlaure merged 9 commits intomasterfrom
chore/agent-skills-migration

Conversation

@thlaure
Copy link
Copy Markdown
Owner

@thlaure thlaure commented Apr 19, 2026
edited
Loading

Summary

  • Introduce AGENTS.md as the single source of truth for agent instructions (Claude Code + Codex share one file)
  • Thin CLAUDE.md down to a one-line pointer to AGENTS.md
  • Replace flat .claude/commands/ + .claude/workflows/ with scoped skills, rules, and patterns files
  • Overhaul .claude/settings.json: add permission allow/deny lists, JSON schema reference, remove legacy PostToolUse hook
  • Add Phase 4.5 Social Recap to roadmap: AI-generated weekly social posts reusing the newsletter aggregation pipeline
  • Split Phase 6.3 into share-links (existing) and crossposting via platform APIs (new, builds on Phase 4.4 OAuth2)
  • Apply Rector modernization across codebase: import names, yoda style, concat spacing, expanded paths, new rule sets

Test plan

  • Verify AGENTS.md loads correctly in Claude Code and Codex sessions
  • Confirm .claude/settings.json permissions are respected
  • Review roadmap additions for accuracy and sequencing consistency
  • GrumPHP pre-commit hook passes (phpstan, phpcsfixer, phpunit, behat, rector) ✔

🤖 Generated with Claude Code

Thomas Laure and others added 9 commits April 19, 2026 12:35
@claude
chore(agent): migrate to AGENTS.md and skills-based instruction system
9a31b6f 
- Introduce AGENTS.md as the single source of truth for all agents
- Thin CLAUDE.md down to a one-line pointer to AGENTS.md
- Replace flat commands/workflows with scoped skills and rules files
- Overhaul .claude/settings.json: add permission allow/deny lists and
  JSON schema reference; remove the legacy PostToolUse hook

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
docs(roadmap): add social recap and crossposting features
f8c7205 
- Add Phase 4.5: SocialRecap domain — AI-generated weekly social posts
  reusing Phase 4.2 content aggregation and Phase 3 LLM summarization
- Split Phase 6.3 into 6.3.1 share links (existing plan) and 6.3.2
  crossposting via platform APIs (OAuth2, builds on Phase 4.4)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
refactor(rector): apply code modernization rules across codebase
fcf9580 
- Enable import names (replace FQCNs with use statements)
- Expand Rector paths to include config/, public/, migrations/
- Add SymfonySetList::ANNOTATIONS_TO_ATTRIBUTES and
  DoctrineSetList::DOCTRINE_ORM_300 rule sets
- Apply yoda comparison style throughout
- Normalize string concatenation (remove spaces around .)
- Remove redundant PHP CS Fixer rules now handled by Rector

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
chore(agent): add guardrails hook with portable path resolution
64d3339 
- Add .claude/hooks/guardrails.py: PostToolUse hook covering protected
  branch guard, instruction-file edit warning, phpstan.neon guard,
  env-file staging guard, sensitive surface reminder, async entrypoint
  reminder, and cross-stack staged-files reminder
- Wire hook in settings.json for Bash, Edit, Write, and Read matchers
- Use git rev-parse --show-toplevel for portable path resolution so the
  hook works from any subdirectory (e.g. frontend/)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix(deps): resolve npm audit high-severity vulnerabilities
9faa94d 
- Upgrade flatted, picomatch, vite, and transitive dependencies
- Resolves: prototype pollution (flatted), ReDoS (picomatch),
  path traversal and file read bypass (vite)
- npm audit now reports 0 vulnerabilities

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
chore(ci): add Trivy container and filesystem security scan
26b2fcf 
- Scan prod Docker image for CRITICAL/HIGH CVEs (blocking)
- Scan repository for IaC misconfigurations (blocking)
- Mirrors the security gate already in place on insee-city-api

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix(docker): set APP_ENV=prod in prod Dockerfile
6e96a43 
Without this, post-install cache:clear boots Symfony in dev mode and
tries to instantiate dev-only bundles (DoctrineFixturesBundle) that
are not installed with --no-dev, causing the build to fail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix(docker): skip composer post-install scripts during prod image build
4ea3465 
cache:clear requires runtime env vars (DATABASE_URL, JWT keys) that are
not available at image build time; use --no-scripts and defer cache
warming to container startup.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix(docker): create var/ directory before chown in prod image
83093b3 
var/ is gitignored and --no-scripts skips cache:clear which would have
created it; mkdir -p ensures the directory exists before chown.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@thlaure thlaure merged commit 76518cb into master Apr 19, 2026
6 checks passed
@thlaure thlaure deleted the chore/agent-skills-migration branch April 19, 2026 12:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thlaure